Machine data-derived key performance indicators with per-entity states
First Claim
Patent Images
1. A method comprising:
- receiving information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service;
storing the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value;
wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity;
wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment; and
wherein the method is performed by a computer system comprising one or more processors coupled to computer storage.
1 Assignment
0 Petitions
Accused Products
Abstract
Raw machine data are captured and may be organized as events. Entity definitions representing machine entities that perform a service identify the machine data pertaining to respective entities. KPI search queries each define a KPI. Each KPI search query derives one or more values for the KPI from machine data identified in the entity definitions. The derivation may be performed on a per-entity basis and on the aggregate. The derived values may then be translated into a state value domain using per-entity thresholds, aggregate thresholds, or a combination.
233 Citations
30 Claims
-
1. A method comprising:
-
receiving information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service; storing the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value; wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity; wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment; and wherein the method is performed by a computer system comprising one or more processors coupled to computer storage. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A system comprising:
-
a memory; and a processing device coupled with the memory to; receive information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service; store the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value; and wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity; wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A non-transitory computer readable storage medium encoding instructions thereon that, in response to execution by one or more processing devices, cause the one or more processing devices to perform operations comprising:
-
receiving information indicating one or more thresholds associated with a key performance indicator (KPI) and a per-entity application of the thresholds, the KPI defined by a search query that derives a value from machine data associated with one or more entities that provide a service, wherein the value reflects a measure of the performance of the service; storing the thresholds in association with the KPI in accordance with the received information such that a determining of a KPI state from among a plurality of KPI states is made, for an execution of the search query to produce an instance of the value, on a per-entity basis for at least one of the entities in accordance with the thresholds and a per-entity contribution to the instance of the value; and wherein the service corresponds to a stored service definition associating KPI information comprising the search query and associating an entity definition for each of the one or more entities, each entity definition comprising information to identify machine data pertaining to the respective entity; wherein the machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment. - View Dependent Claims (25, 26, 27, 28, 29, 30)
-
Specification